Compare P2P lending accounts and IFISAs now

Is The Zopa Login Secure?

Click "Learn" to get help

By on 18 December, 2018 | Read more by this author

The Zopa login page, as well as Zopa's cyber security in general, needs to be strong to deter hackers keen to try and take a piece of the billion pounds being lent through this peer-to-peer lending site.

As WordFence says, the “secure” symbol in your browser next to the URL does not automatically mean “safe”. So how secure and safe is the Zopa login and other aspects of its website?

Standard tests of Zopa's cybersecurity

The website is B-rated by Qualys‘ SSL Labs for its server strength.

Its rating is capped at B because of its cipher suite, which is a a set of programming rules to secure Zopa's servers. According to Qualys, Zopa* does not appear to support the only cipher suite to have no known possible weaknesses – the AEAD suite.

But that doesn't mean that a weakness exists or that any weakness would have a big impact on lenders. Zopa could be taking other steps to mitigate or eliminate those weaknesses.

Sucuri* rates the risk of malware to be low. Malware is like a virus that might attempt to disrupt the Zopa website or get inside it.

Zopa's website security certificate is valid, trusted, and the security key is not weak. The security key is expected to verify that information has not been tampered with. The security certificate validates the authenticity of a website as well as being a tool to encrypt information going from Zopa to your browser and back again.

The website is not vulnerable to the Heartbleed and Ticketbleed threats, which would allow people to easily steal information from Zopa.

ROBOT, BEAST and POODLE – which might sound more like nicknames given to combatants in Robot Wars but they are actually more security weaknesses – these are blessedly not exploitable on the Zopa site, as we would hope and expect.

There is no obviously poor encryption or and no clearly weak ciphers, such as RC4, which would result in a large number of different vulnerabilities.

According to Qualys, Zopa hasn't yet adopted TLS 1.3 (RFC 8446), but this has only been around for a few months so we should give them time. TLS 1.3 is the latest set of rules for encrypting the communication between your browser and Zopa's servers (Zopa's computers with your data on it). Most financial websites will still be using TLS 1.2, which is what Zopa is doing, provided you don't have an out-of-date browser.

Another standard test also detected no malware or server errors that could be exploited by malware.

The website is not blacklisted by any anti-spam groups, such as McAfee or Norton Safe Web.

While no firewall was detected at Zopa, standard tests often can't detect them properly and I think we can count on Zopa to have such a basic safety feature in place. Firewalls are in important defence against hackers.

What's the bottom line for these tests?

The above tests show that there are no obvious signs that Zopa's website is unsafe. If it had failed any of the above tests, it would have been of deep concern.

Is your Zopa login safe?

Your Zopa login is much more likely to be unsafe if you don't create a decent password and keep it safe. Unlike RateSetter it doesn't offer two-factor authentication (when you confirm your identity through your phone as well as through a password) and it doesn't appear to log you out automatically – at least not within 15 minutes.

The length of your password is the most important aspect by far. Indeed, the genius who came up with the idea of a shorter password with numbers, capital letters and special characters has recently, and sheepishly, apologised for wasting everyone's time and giving a false sense of security in shorter passwords.

A 16-character password, even one simply made up of a few memorable words strung together, like “donthackmeplease”, is extremely high security.

Visit Zopa*.

*Commission and impartial research: our service is free to you. We already show dozens of P2P lending companies in our accurate comparison tables and we keep adding more as soon as they provide us with enough details. We receive compensation from Zopa and other P2P lending companies not mentioned above when you click through from our website and open accounts with them. We vigorously ensure that this doesn't affect our editorial independence. Read How we earn money fairly with your help.

We also receive commission from Sucuri if a business clicks through and buys its cyber security services.

Comments are closed.

Today’s average interest rates

What is the “4thWay”?

There's the savings way, the property way, the stock-market way, and now there's the peer-to-peer lending way. The 4thWay® to save and invest.
Learn more.

What does 4thWay do?

We help people save and make more money, more safely when they cut out the banks and lend directly to other people and to businesses.

Why use 4thWay?

4thWay® is shaped by investors, bank risk modellers and a senior debt specialist, and we're governed by our users to ensure our comparison services and research are trustworthy and complete.

Why are Wellesley’s interest rates different?

Wellesley’s P2P lending rates appear higher on its own website than on 4thWay®.

This is because we calculate Wellesley’s interest rates the same way most other P2P lending websites do. We do this so that you can compare the rates more easily and so that they show a more accurate picture of what you’ll earn.

Important information before you visit Wellesley & Co.

Wellesley & Co. is primarily a P2P lending website.

But, when you visit the Wellesley website, you’ll see that it also offers “bonds”. Unlike its P2P lending service, its bonds don’t allow you to lend directly to 100+ borrowers.

Instead, you lend to Wellesley and it lends to other borrowers.

We have not risk-rated either of those bonds, but we expect that their structure makes them more risky, particularly because you’re lending to just one borrower.

Got it

×

Why are Wellesley’s interest rates different?

Wellesley’s P2P lending rates appear higher on its own website than on 4thWay®.

This is because we calculate Wellesley’s interest rates the same way most other P2P lending websites do. We do this so that you can compare the rates more easily and so that they show a more accurate picture of what you’ll earn.

Important information before you visit Wellesley & Co.

Wellesley & Co. is primarily a P2P lending website.

But, when you visit the Wellesley website, you’ll see that it also offers two “bonds”, one of which is available as an ISA.

Unlike its P2P lending service, neither of these bonds allows you to lend directly to 100+ borrowers.

Instead, you lend to Wellesley and it lends to other borrowers.

We have not risk-rated either of those bonds, but we expect that their structure makes them more risky, particularly because you’re lending to just one borrower.

Got it

×

Why are Wellesley’s interest rates different?

Wellesley’s P2P lending rates appear higher on its own website than on 4thWay®.

This is because we calculate Wellesley’s interest rates the same way most other P2P lending websites do. We do this so that you can compare the rates more easily and so that they show a more accurate picture of what you’ll earn.

Important information before you visit Wellesley & Co.

Wellesley & Co. is primarily a P2P lending website.

But, when you visit the Wellesley website, you’ll see that it also offers two “bonds”, one of which is available as an ISA.

Unlike its P2P lending service, neither of these bonds allows you to lend directly to 100+ borrowers.

Instead, you lend to Wellesley and it lends to other borrowers.

We have not risk-rated either of those bonds, but we expect that their structure makes them more risky, particularly because you’re lending to just one borrower.

Got it

×

Why are Orchard’s interest rates different?

Orchard’s lending rates appear higher on its own website than on 4thWay®.

This is because we calculate Orchard’s interest rates the same way most other P2P lending websites do. We do this so that you can compare the rates more easily and so that they show a more accurate picture of what you’ll earn.

Got it

×

Why are Wellesley’s interest rates different?

Wellesley’s P2P lending rates appear higher on its own website than on 4thWay®.

This is because we calculate Wellesley’s interest rates the same way most other P2P lending websites do. We do this so that you can compare the rates more easily and so that they show a more accurate picture of what you’ll earn.

Important information before you visit Wellesley & Co.

Wellesley & Co. is primarily a P2P lending website.

But, when you visit the Wellesley website, you’ll see that it also offers “bonds”. Unlike its P2P lending service, its bonds don’t allow you to lend directly to 100+ borrowers.

Instead, you lend to Wellesley and it lends to other borrowers.

We have not risk-rated either of those bonds, but we expect that their structure makes them more risky, particularly because you’re lending to just one borrower.

Got it

×
Back to top
[wpforms id="21393" title="false" description="false"]